Many analysts predict that radio frequency identification (RFID) technology will replace the barcodes attached to products in shops in 2008-12. Featuring a chip and an electronic reader, tiny RFID devices could be used to store data about both a product and the person who buys it.

In a new report, a committee which advises the Council of Ministers on data protection cites concerns “about the possibility of businesses and governments to use RFID technology to pry into the privacy-sphere of individuals”.

The committee, which is chaired by Germany’s data protection ombudsman Peter Schaar, addresses the likelihood that transport operators may introduce a system based on RFID technology for monthly passes. As well as allowing an organisation to know where an individual travels at all times, “third parties could also surreptitiously obtain the same information” because “anyone can detect the presence of particular RFID tags with a standard reader”, the report says.

Warning that RFID systems are “very susceptible to attacks”, the committee says that it would be possible for people owning a radar to detect passports, banknotes, books, medicines or personal belongings of people in a crowd should those objects have microchips. Terrorists could detect the nationalities of people in a crowd and chose their targets accordingly.

Under most scenarios, the committee says, consent from individuals will be the “only legal ground available to data controllers” justifying the use of RFID technology. But in certain cases, the need for consent could be waived – for example, if a hospital uses RFID in surgical instruments to ensure that none are left inside a patient’s body after an operation. The committee’s report echoes fears raised by civil liberty advocates. “RFID could be a disaster for personal privacy,” said Gus Hosein of Privacy International. “It could be useful in supply chain management – to track a box from factory ‘A’ to distributor ‘B’. But when it contains personal information or information that is linked to an individual, it could be the worst technology from a privacy point of view for a long time.”

Software manufacturer SAP is one of the world’s leading companies in developing RFID technology. SAP spokeswoman Antonia Stafford Ashton said it was vital that the surrounding data protection issues are tackled. “If they are not addressed, then the technology will not develop,” she added. “And that is a lose-lose situation.”

RFID devices can contain many times more information than a barcode. They could prove an important tool in direct-marketing campaigns by allowing retailers to monitor the shopping preferences of customers by determining how long they spend in different sections of a supermarket.

Big companies using RFID in the US include retail giant Wal-Mart. Civil libertarians have also urged a boycott of Gillette, which has been using RFID devices to deter theft of its shaving razors. Critics say that Gillette’s use of the technology intrudes on the personal lives of its customers.